EXAMINER'S ANSWER



This is in response to the appeal brief filed 01/15/2008 appealing from the Office Action mailed 
on 03/08/2007 and Advisory Action mailed on 07/23/2007. 

(1) Real Party in Interest

A statement identifying the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

A statement identifying the related appeals and interferences which will directly affect or 
be directly affected by or have a bearing on the decision in the pending appeal is contained in the 
brief. 

(3) Status of Claims 

The statement of the status of the claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal in the 
brief is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

US 6675261 B2 Shandony 01-2004 

US 6049799 A Mangat et al. 04-2000 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims:
1. Claims 1-25 rejected under 35 U.S.C. 103(a) as being unpatentable over Shandony
(US 6675261 B2), hereinafter referred as Shandony, and further in view of Mangat et al. 
(US 6049799 A), hereinafter referred as Mangat. 

a. Shandony shows (claim 1) a method comprising: populating a directory with 
entries for each of a plurality of users of a multi-user computing environment, 
wherein each entry in the directory comprises a user ID and one or more group 
names, wherein each of the one or more group names corresponds to a group to 
which the user ID belongs, and wherein at least one of the entries in the directory 
comprises a first group name of the one or more group names (Fig. 1, 5, 7-12: 
Empl, Org A, Org B, Org C, Org D, Uid, Create Group, My Groups, entity, 
domain; column 7, line 64-column 8, line 12: Group Manager 44 allows entities 
to create, delete and manage groups of users who need identical access privileges 
to a specific resource or set of resources. Managing and controlling privileges for 
a group of related people); determining a first group access control list for the first 
group name, wherein the first group access control list comprises the user IDs of 
users whose directory entries comprise the first group name (column 7, lines 64- 
column 8, 29: access privileges for a group of users on resources); for each data 
source in the multi-user computing environment which permits access by the first 
group name, granting access to the respective data source to the users in the first 
group access control list (Fig. 7-12; column 7, line 64-column 8, line 12: Group 
Manager 44 allows entities to create, delete and manage groups of users who need 
identical access privileges to a specific resource or set of resources. Managing and
controlling privileges for a group of related people). Shandony does not show 
explicitly (claim 1) wherein the first group access control list is stored outside of 
the directory. 

b. Mangat shows (claim 1) wherein the first group access control list is stored 
outside of the directory (Fig. 4 and 5, column 2, lines 14-28: new type of directory 
services object that may be used to provide document management of documents 
accessed by users, groups of users; column 12, line 23-33: user object and group 
object are separate: column 15, line 10-43: user object; column 16, line 13-21: 
group object; user object and group object are quite different in their functions) in 
an analogous art for the purpose of document link management using directory 
services. 

c. It would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Shandony's functions of request based caching
of data store data with Mangat's function of document link management.

d. The modification would have been obvious because one of ordinary skill in the art 
would have been motivated to have group access functions different from user 
access functions per Mangat and Shandony's teaching.

e. Regarding claim 2, Shandony shows wherein each entry in the directory 
comprises a user password; and wherein the method further comprises 
authenticating each user ID using the associated user password (column 9, lines 
10-43). 
f. Regarding claim 3, Shandony shows wherein each entry in the directory
comprises zero, one, or a plurality of hostnames (Fig. 1 and 3); wherein the 
directory comprises a first hostname; and wherein the method further comprises: 
for each data source in the multi-user computing environment which permits 
access by the first hostname, granting access to the data source to the one or more 
users whose directory entries comprise the first hostname and who are seeking 
access from the host having the first hostname (Fig. 1, 5 and 69; column 6, lines 
52-57: The Access System includes Access Server 34, Web Gate 28, and 
Directory Server 36. Access Server 34 provides authentication, authorization, 
auditing logging services. It further provides for identity profiles to be used across 
multiple domains and Web Servers from a single web-based authentication
(sign-on); column 71, line 47-column 72, line 12: checking POST from Web Gate for
access verification). 

g. Regarding claim 4, Shandony shows wherein the data source comprises a file or a 
directory in a file system coupled to the multi-user computing environment (Fig. 
1, 3 and 8-15).

h. Regarding claim 5, Shandony shows wherein the access comprises read access; 
and wherein the granting access to the data source to the users in the first group 
access control list comprises permitting the users in the first group access control 
list to read the data source (column 13, lines 25-27). 

i. Regarding claim 6, Shandony shows wherein the access comprises write access; 
and wherein the granting access to the data source to the users in the first group 
access control list comprises permitting the users in the first group access control
list to write to the data source (column 13, lines 27-33). 

j. Regarding claim 7, Shandony shows wherein the access comprises execute
access; and wherein the granting access to the data source to the users in the first
group access control list comprises permitting the users in the first group access 
control list to execute the data source (column 13, lines 40-53). 

k. Regarding claim 8, Shandony shows for each data source in the multi-user
computing environment which permits access by the first group name and owner
but denies access to others, denying access to the data source to users who are not 
in the first group access control list and who are not the owner of the data source 
(column 7, lines 54-column 8, line 11; column 71, line 47-column 72, line 12: 
checking POST from Web Gate for access verification). 

l. Regarding claim 9, Shandony shows wherein the multi-user computing
environment comprises a UNIX based operating system (column 11, lines 5-6).

m. Claims 10-16 are of the same scope as claims 1-7 and 9. These are rejected for the
same reasons as for claims 1-7 and 9. 

n. Claims 17-25 are of the same scope as claims 1-9. These are rejected for the same 
reasons as for claims 1-9. 
Together Shandony and Mangat disclosed all limitations of claims 1-25. Claims 1-25 are 
rejected under 35 U.S.C. 103(a). 
(10) Response to Argument 

In response to Appellant's argument that Shandony and Mangat, taken individually or in
combination, do not teach or suggest that a first group access control list (comprising the user 
IDs of users whose entries comprise the first group name) is stored outside of the directory, in 
combination with the remaining features of claim 1 (see paragraphs starting 2nd to last on page 5
of current appeal brief filed): 

1. As per item a of the Response to Arguments in office action dated 01/27/2006:

The applicant has claimed "the determining a first group access control list ..." 
with the references to Fig. 5, 127, Fig. 6, 603, page 3, line 24-page 4, line 2, page 
12, lines 23-28, and page 13, lines 22-29. The cited references narrate the 
intended functions and possible contents of access control list. The cited 
references do not provide a detailed description of how to determine. The claim is
thus interpreted to have access control list based on the directory entries. 
As the applicant points out (Fig. 5), the directory server (113) and access control 
list (127) are in the same computer system (100). The applicant has also pointed 
out (page 10, lines 5-7) a file system (111) contains files, directories and any other
suitable form of information. 

2. As per claim 1 rejection in item 1.a of section 9 above, Shandony has shown in Fig. 1,
5, 7-12 Empl, Org A, Org B, Org C, Org D, Uid, Create Group, My Groups, entity and 
domain; (column 7, line 64-column 8, line 12) Group Manager 44 allows entities to 
create, delete and manage groups of users who need identical access privileges to a 
specific resource or set of resources, i.e. manage and control privileges for a group of 
related people. As further in column 8, lines 12-29 of Shandony, with group manager, 
companies (or other entities) can allow individuals to self-subscribe to, unsubscribe from,
view and request subscription to groups that have access to applications they need. Thus 
Shandony has shown as per claim 1 rejection the limitation of populating a directory with 
entries for each of plurality of users of a multi-user computing environment and 
determining a first group access control list for the first group name. As per claim 1 
rejection, Shandony does not seem to show explicitly wherein the first group access 
control list is stored outside of the directory. This is actually not quite true. As the 
directory per claim 1 language is per user. Shandony has shown (column 6, line 64- 
column 7, lines 19) that an identity profile is a set of information associated with a 
particular entity, e.g. user, group and organization; and User Manager manages identity
profile for individual users; group managers manages identity profiles for groups. It
seems that profiles for users are separated from profiles for groups as per Shandony.
Shandony has also shown (column 36, lines 54-65) an identity profile for a group
includes an attribute that stores a list of all static member; (column 38, lines 22-42) a 
membership list is kept and updated for groups; (column 38, line 66-column 39, line 6) 
an entity, e.g. user, accesses and requests to see the members of the group or the 
expanded list of members. Thus it seems clear that Shandony alone may have the 
limitation of "wherein the first group access control list is stored outside of the 
directory". 

3. As Mangat was originally brought in to show the limitation of "wherein the first
group access control list is stored outside of the directory". The recited reference (Fig. 4 
and 5, column 2, lines 14-28: new type of directory services object that may be used to 
provide document management of documents accessed by users, groups of user, e.g.
Docloc objects; column 12, line 23-33: user object and group object are separate: column 
15, line 10-43: user object; column 16, line 13-21: group object; user object and group 
object are quite different in their functions) seem to further clearly identify the separation 
of user object from group object wherein the group object contains a membership list. 
Mangat clearly teaches a "Docloc table" (a form of list) stored outside a directory system,
said table pointed to by Docloc object to store information (column 2, lines 14-28). 
In response to Appellant's argument of Shandony not teaching or suggesting "granting 
access to the data source to the one or more users whose directory entries comprise the first 
hostname and who are seeking access from the host having the first hostname" (see paragraphs 
starting last on page 5 of current appeal brief filed): 

1. Appellant has stated that Shandony discloses a policy URL obtained from a directory
entry including a hostname (see paragraphs starting last on page 5 of current appeal brief
filed). As per claim 3 rejection in item 1.f of section 9 above, Shandony has shown that
(Fig. 1, 5 and 69; column 6, lines 52-57) the Access System includes Access Server 34, 
Web Gate 28, and Directory Server 36; Access Server 34 provides authentication, 
authorization, auditing logging services; It further provides for identity profiles to be used 
across multiple domains and Web Servers from a single web-based authentication
(sign-on) and (column 71, line 47-column 72, line 12) checking POST from Web Gate for
access verification). As further per the response to argument in Advisory Action dated 
07/23/2007, Shandony has shown (Fig. 5 and column 14, line 47-column 15, line 17) a
user can access the Identity System services using a browser providing login page for
authentication/authorization to applications. 

(11) Related Proceeding(s) Appendix

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
Peling A Shaw 
/P. A. S./ 

Examiner, Art Unit 2144 

March 24, 2008 

/William C. Vaughn, Jr./ 

Supervisory Patent Examiner, Art Unit 2144 

Conferees: 

/William C. Vaughn, Jr./ 
Supervisory Patent Examiner, Art Unit 2144 
/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2151 



